From e43185e21d343741b1d98d1024db8f9703e78553 Mon Sep 17 00:00:00 2001 From: Dave Santoro Date: Mon, 10 Oct 2011 18:11:00 -0700 Subject: [PATCH] Add hidden API for pre-authorizing URIs. This allows the contacts provider to allow a caller to pre-authorize a URI for temporary use by another application that would not otherwise have the special permissions necessary to access it. Bug 5437453 Change-Id: I3bd7be7c698cac73709c2d305f1723cdcb093ec4 --- .../android/provider/ContactsContract.java | 53 +++++++++++++++++++ core/java/android/provider/Settings.java | 8 +++ 2 files changed, 61 insertions(+) diff --git a/core/java/android/provider/ContactsContract.java b/core/java/android/provider/ContactsContract.java index 8483b4f0cf445..4bc0892d3d755 100644 --- a/core/java/android/provider/ContactsContract.java +++ b/core/java/android/provider/ContactsContract.java @@ -186,6 +186,59 @@ public final class ContactsContract { */ public static final String DEFERRED_SNIPPETING_QUERY = "deferred_snippeting_query"; + /** + *

+ * API for obtaining a pre-authorized version of a URI that normally requires special + * permission (beyond READ_CONTACTS) to read. The caller obtaining the pre-authorized URI + * must already have the necessary permissions to access the URI; otherwise a + * {@link SecurityException} will be thrown. + *

+ *

+ * The authorized URI returned in the bundle contains an expiring token that allows the + * caller to execute the query without having the special permissions that would normally + * be required. + *

+ *

+ * This API does not access disk, and should be safe to invoke from the UI thread. + *

+ *

+ * Example usage: + * 

+     * Uri profileUri = ContactsContract.Profile.CONTENT_VCARD_URI;
+     * Bundle uriBundle = new Bundle();
+     * uriBundle.putParcelable(ContactsContract.Authorization.KEY_URI_TO_AUTHORIZE, uri);
+     * Bundle authResponse = getContext().getContentResolver().call(
+     *         ContactsContract.AUTHORITY_URI,
+     *         ContactsContract.Authorization.AUTHORIZATION_METHOD,
+     *         null, // String arg, not used.
+     *         uriBundle);
+     * if (authResponse != null) {
+     *     Uri preauthorizedProfileUri = (Uri) authResponse.getParcelable(
+     *             ContactsContract.Authorization.KEY_AUTHORIZED_URI);
+     *     // This pre-authorized URI can be queried by a caller without READ_PROFILE
+     *     // permission.
+     * }
+     *
+ *

+ * @hide + */ + public static final class Authorization { + /** + * The method to invoke to create a pre-authorized URI out of the input argument. + */ + public static final String AUTHORIZATION_METHOD = "authorize"; + + /** + * The key to set in the outbound Bundle with the URI that should be authorized. + */ + public static final String KEY_URI_TO_AUTHORIZE = "uri_to_authorize"; + + /** + * The key to retrieve from the returned Bundle to obtain the pre-authorized URI. + */ + public static final String KEY_AUTHORIZED_URI = "authorized_uri"; + } + /** * @hide */ diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index 3d2a3cefeab2f..5754e60d0815b 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -4052,6 +4052,14 @@ public final class Settings { /** Timeout for package verification. {@hide} */ public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout"; + /** + * Duration in milliseconds before pre-authorized URIs for the contacts + * provider should expire. + * @hide + */ + public static final String CONTACTS_PREAUTH_URI_EXPIRATION = + "contacts_preauth_uri_expiration"; + /** * This are the settings to be backed up. *